authorAndrew Bartlett <abartlet@samba.org>2007-07-21 10:14:46 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 15:01:15 -0500
commit62b56dc2db5285a55d1abc3a849db8fd96e0ac8f (patch)
tree99cc77575c62da78ac73e8d1739f7132e1bee958
parent0673a182771878892b584efc5316e4029a8fee47 (diff)
r23982: Fix use-after-realloc() found by valgrind and mwallnoefer@yahoo.de.
Should fix bug #4804. Andrew Bartlett (This used to be commit 848336dc617b72d189fe82e10c0b08a518d6d073)
-rw-r--r--source4/dsdb/samdb/ldb_modules/kludge_acl.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c
index 3aca12de5f..68ab3880e5 100644
--- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c
+++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c
@@ -115,7 +115,7 @@ struct kludge_acl_context {
static int kludge_acl_allowedAttributes(struct ldb_context *ldb, struct ldb_message *msg,
const char *attrName)
{
- struct ldb_message_element *oc_el = ldb_msg_find_element(msg, "objectClass");
+ struct ldb_message_element *oc_el;
struct ldb_message_element *allowedAttributes;
const struct dsdb_schema *schema = dsdb_get_schema(ldb);
const struct dsdb_class *class;
@@ -125,6 +125,10 @@ static int kludge_acl_allowedAttributes(struct ldb_context *ldb, struct ldb_mess
return ret;
}
+ /* To ensure that oc_el is valid, we must look for it after
+ we alter the element array in ldb_msg_add_empty() */
+ oc_el = ldb_msg_find_element(msg, "objectClass");
+
for (i=0; i < oc_el->num_values; i++) {
class = dsdb_class_by_lDAPDisplayName(schema, (const char *)oc_el->values[i].data);
if (!class) {
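Review bot: The relocated lookup `oc_el = ldb_msg_find_element(msg, "objectClass");` is dereferenced by the very next statement, `oc_el->num_values`, with no NULL check. ldb_msg_find_element() returns NULL when the message has no such element, so an entry that reaches this function without objectClass would crash the process rather than fail the request. Whether callers guarantee objectClass is present is not visible in this hunk, so I would add a guard before the loop, such as `if (oc_el == NULL) { return LDB_ERR_OPERATIONS_ERROR; }`, or whichever result the callers expect. The function body continues past the end of the hunk, so any later use of `oc_el` should be checked against the same assumption.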